Ajutor criptare parola

[rpg]

Problema intalnita: In primul rand salutari SA:MP Romania.Problema este ca am pus sa se cripteze parola la inregistrare iar la login imi zice parola incorecta.Este prima oara cand incerc sa fac asa ceva(am incercat sa rezolv singur...).Folosesc HASH simplu(asa cred ca se spune).

Linii / script-uri:

public OnPlayerRegister(playerid, password[])
{
	if(IsPlayerConnected(playerid))
	{
		new playername3[MAX_PLAYER_NAME];
		GetPlayerName(playerid, playername3, sizeof(playername3));
		new Str[200];
	    new qstr[256];
		new MyHash[256];
	    SHA256_PassHash(password, "78sdjs86d2h", MyHash, sizeof(MyHash));
	    format(qstr,100,"SELECT * FROM users WHERE `name`='%s' AND `password`='%s'",playername2,MyHash);
		strmid(PlayerInfo[playerid][pKey], password, 0, strlen(password), 255);
		PlayerInfo[playerid][pCash] = GetPlayerCash(playerid);
		PlayerInfo[playerid][pCarLic] = 1;
		PlayerInfo[playerid][pCarLicT] = 10;
	    GetPlayerHealthEx(playerid,PlayerInfo[playerid][pHealth]);

Ia la login:

public OnPlayerLogin(playerid,password[])
{
	new playername2[MAX_PLAYER_NAME];
    GetPlayerName(playerid, playername2, sizeof(playername2));
    GameTextForPlayer(playerid, "~w~Se incarca...~n~~y~Se verifica parola", 700, 3);
    new playerip[16];
/*	GetPlayerIp(playerid,playerip,sizeof(playerip));
	if(NumIp(playerip, playerid) >= 3 && !IsBotOnIP(playerip))
	{
 		SendClientMessage(playerid, COLOR_LIGHTRED, "There are already 2 players connected with same IP.");
 		Kick(playerid);
 		return 1;
	}
*/
    new qstr[256];
	new MyHash[256];
    SHA256_PassHash(password, "78sdjs86d2h", MyHash, sizeof(MyHash));
    format(qstr,100,"SELECT * FROM users WHERE `name`='%s' AND `password`='%s'",playername2,MyHash);
    new Cache: pass = mysql_query(SQL,qstr);

Daca ma poate ajuta cineva va rog frumos?Stiu ca e simplu...dar nu-mi dau seama ce am gresit...(in baza se salveaza parola criptat).

Folosesc gamemode bigzone(scuze daca fac reclama).

Multumesc anticipat.

Edited May 3, 2017 by rpg

[CritteR]

 

Quote

Description:

Hashes a password using the SHA-256 hashing algorithm. Includes a salt. The output is always 256 bytes in length, or the equivalent of 64 Pawn cells.

Modifica MyHash[256] in MyHash[65] si vezi daca merge.

Edited May 3, 2017 by CritteR

[Banditul]

// 16 random characters from 33 to 126 (in ASCII) for the salt
		for (new i = 0; i < 16; i++) PlayerInfo[playerid][pSalt][i] = random(94) + 33;
		SHA256_PassHash(password, PlayerInfo[playerid][pSalt], PlayerInfo[playerid][pKey], 65);
		new Str[200];
		mysql_format(SQL,Str,sizeof(Str),"INSERT INTO `users` (`name`,`password`,`salt`) VALUES ('%e','%e','%e')",playername3,PlayerInfo[playerid][pKey],PlayerInfo[playerid][pSalt]);
		mysql_tquery(SQL,Str,"SqlInsertSID","i",playerid);

Eu unu am facut asa la OnPlayerRegister, apropo, la Register nu trebuie sa selectezi , trebuie sa inserezi

 

new hashed_pass[65];
	SHA256_PassHash(password, PlayerInfo[playerid][pSalt], hashed_pass, 65);
	mysql_format(SQL,qstr,sizeof(qstr),"SELECT * FROM users WHERE `name`='%e' AND `password`='%e'",playername2,hashed_pass);
	result = mysql_query(SQL,qstr,true);
	rows = cache_get_row_count(SQL);
	if(rows > 0)
	{
		//Aici incarci datele
 	}

new Cache:csalt,squery[128];
	mysql_format(SQL, squery, sizeof(squery), "SELECT `salt` FROM `users` WHERE `name` = '%e'", GetNameEx(playerid));
	csalt = mysql_query(SQL, squery,true);
	if(cache_num_rows() > 0)
	{
		cache_get_field_content(0, "salt", PlayerInfo[playerid][pSalt], SQL,17);
	}
	cache_delete(csalt, SQL);

Iar asta la OnPlayerConnect , pe la inceput ar fi ok , ca sa incarci salt-ul playerului pentru al folosi la Login

 

Ideea de a folosi un salt static nu e cea mai ok , fiecare jucator ar trebui sa aibe salt unic precum vezi la OnPlayerRegister-ul meu opinia mea